#sh0kc

hello! What do you need help with?

so basically for some reason I get this 400 error from my webhook and to be honest i'm new on this stuff so basically i have a brief understanding of what is happening.

This is a good read for 400 errors : https://support.stripe.com/questions/webhooks-what-to-do-when-the-http-status-code-starts-with-a-four-(4xx)-or-five-(5xx) and how to resolve them. I think as a start, you should verify that you're using the correct webhook secret to verify the signature. Sometimes folks forget to change the webhook secret when they migrate from test to production

By the way as you can see in the screenshot I have a CSRF_exempt decorator should it stay in production?

i don't know why you're including that and that's your own integration so you would need to decide on your own requirements whether it should stay in production

hey , in production the webhook should look something like this right? (just an Example) 'we_1OBnNaFMVbz4I5yVMElS9DeX'

you're referring to the webhook endpoint id? The format is the same in both test and production, but yes

in test it was something like ' whsec_ ...' but right now it begins with 'we_1O ..' i've basically replaced the test one with the actual one and am curious if this could be the error case

ah, so whsec is the webhook secret

we_ is the webhook endpoint id

you can try resending a recent event via the Dashboard and see if that works now

wait , so I need whsec still right?

whsec is the webhook secret key and yes you do need it to verify the signature

alright so for what do i need the webhook id?

nothing really, unless you're managing multiple webhooks via the API

each webhook endpoint has it's own unique ID to identify it

oohhh okay I think I get it

how do i get the endpoint secret when i have registered my webhook on stripe

it's in the Dashboard

click into the webhook and there should be a Signing secret where you can reveal it

can you please give me a url? thanks

https://dashboard.stripe.com/test/webhooks